
Security audit

Java Code Format Review

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but its scope is too loosely constrained for a formatting aid: it can lead an agent to run repository build tools and perform broader correctness review.

Install only if you want a broader Java code-quality review skill, not just formatting. Use it in repositories you trust, and require the agent to ask before running Maven, Gradle, static-analysis, or auto-format commands, especially commands that can execute build scripts or rewrite Java files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

High
Confidence: 96%
Finding
The skill is presented as a formatting-review aid, but it instructs the agent to run shell commands and invoke Maven/Gradle/static-analysis tooling against the repository. That materially expands the skill from passive review into active codebase interaction and command execution, which increases attack surface and can enable unintended command execution, data exposure, or supply-chain side effects when used in untrusted repositories.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The documented scope drifts from formatting consistency into bug-risk, exception handling, null-safety, concurrency, logging, and behavioral correctness checks. This mismatch can cause an agent to overreach beyond the user-approved task, producing unnecessary analysis, accessing more context than needed, or triggering workflows inconsistent with the declared purpose.

Intent-Code Divergence

High
Confidence: 91%
Finding
The skill explicitly says it is not for functional correctness, but later mandates checks that assess runtime behavior and correctness, such as NPE prevention, transaction rollback, exception semantics, concurrency safety, and resource handling. Contradictory instructions are dangerous because they can mislead operators about what the agent will do and bypass user expectations or governance controls tied to declared scope.

VirusTotal

63/63 vendors flagged this skill as clean.
